This lightweight C# application demonstrates how simple it is to interactively access a remote system's shell via named pipes over the SMB protocol. It includes an optional encryption layer based on AES-GCM, using a passphrase shared between the server and the client.
SharpFtpC2 is a small, experimental project aimed at exploring the possibility of using FTP(S) for relaying commands and responses between two remote computers. It employs the FTP protocol as a makeshift tunnel through which the computers, both acting as clients connected to an FTP server, can communicate. A simple session management scheme is used to keep track of the exchange of requests and responses.
DLest is a Microsoft Windows application that helps developers and malware analysts analyze and manipulate exported functions in Portable Executable (PE) files, especially DLLs. It allows you to enumerate exported functions using various methods and supports the analysis of memory-loaded modules in real time. It also has the ability to dump a reconstructed version of any module for further analysis. DLest is fully multithreaded and efficient for processing large numbers of PE files. It is useful for developers and malware analysts and streamlines their tasks.
PsyloDbg is a versatile, user-friendly, and open-source debugger for the Windows platform. It is entirely written in Delphi, and its purpose is to assist malware analysts in their work by providing them with a fast and effective tool. As a result, analysts can save time and improve their response to malware threats.
The purpose of this tool is to allow users to run applications with system-level privileges in the context of their current active Windows session, using only the Microsoft Windows Task Scheduler.
Unlike other common tools, this technique does not require any external software or services, and can be easily configured to launch the system terminal and run the desired application within the current session. This allows users to access system-level functionality and interact with the application in real time.
PowerBruteLogon is a ported version of WinBruteLogon in pure PowerShell.
Power Remote Desktop is a powerful and easy-to-use remote desktop application that is written entirely in PowerShell. Unlike other remote desktop solutions, it does not rely on any external software or protocols to function, making it quick and easy to install and use. Its primary advantage is its use of PowerShell, which allows for seamless integration with other scripts and tools, as well as its user-friendly interface. Power Remote Desktop is a versatile and reliable solution for anyone needing to access and control remote computers.
Win Brute Logon v1.0
Win Brute Logon is designed to simulate a brute-force attack on a Microsoft account by guessing large numbers of password combinations in a short amount of time. This allows pentesters to test the security posture of their systems and assess their defenses against brute-force attacks. The tool exploits the lack of an account lockout mechanism, which is a common weakness in many systems (prior to account lockout being enabled by default on Windows 11). By attempting to guess the password of an account, the tool can help pentesters identify and address vulnerabilities in their security measures. It should be used responsibly and within the bounds of the law.
Windows File Tools v1.0
Windows File Tools is a tool that monitors changes in the Windows directory structure. It can detect file creations, modifications, deletions, and folder creations, among other changes. The tool is designed to help you keep track of changes to your files and folders, and can alert you when something has been added, modified, or deleted.
One of the key features of Windows File Tools is its ability to monitor changes in real-time. This means that as changes occur, the tool will immediately detect and report on them. This can be useful for a variety of purposes, such as keeping track of changes made by other users, or ensuring that important files are not accidentally deleted or modified.
However, it is important to note that Windows File Tools is no longer maintained, and may be limited in its ability to detect changes if too many occur at the same time. Despite this limitation, the tool can still be useful for basic monitoring of changes to your Windows directory structure.
The application is a command-line tool that allows you to execute commands as a different user without the need to log out and log back in. This can be useful in a variety of situations where you need to run a command with different permissions or privileges than your own user account, such as when you need to run a command as an administrator or when you need to test or troubleshoot something.
To use the application, you need to specify the name and password of the user that you want to run the command as, as well as the command itself. The application will then execute the command as the specified user within the current console window.
Winja is a tool that allows you to submit files to VirusTotal for scanning. It has a user-friendly interface that allows you to send files using drag-and-drop, and also has the ability to submit files directly from running active processes, networking processes, and startup applications.
One of the key features of Winja is its ability to scan potentially dangerous locations for files that may be suitable for submission to VirusTotal.
It's important to note that Winja is not intended to replace other anti-malware tools, but rather to complement them. While it can be a useful tool for scanning individual files and detecting potential threats, it should not be relied upon as the sole means of protecting your system from malware.
Additionally, it's worth noting that Winja is no longer maintained, so it may not receive updates or support. Despite this, it may still be useful as a supplementary tool for scanning individual files for viruses and other threats.
RunAsAttached Networked v1.0
The application is a command-line tool that allows you to run commands as another Microsoft Windows user without spawning a new console, and also to create a reverse shell that redirects command input and output over a network connection. The tool takes the name and password of the target user, as well as the command to be run and the network connection details, and executes the command as the specified user within the current terminal, while also establishing a reverse shell connection for redirecting input and output.
The application is a tool that allows you to run commands as another Microsoft Windows user without spawning a new console. This means that the commands are executed within the current terminal, rather than in a separate window.
To use the application, you need to specify the name and password of the user that you want to run the command as, as well as the command itself. The application will then execute the command as the specified user, attached to the current terminal.
This can be useful in a variety of situations where you need to run a command with different permissions or privileges than your own user account. For example, you might use the application to run a command as an administrator when you don't have administrative permissions, or to run a command as a different user in order to test or troubleshoot something.